# HG changeset patch
# User Ralf Schlatterbeck
# Date 1302805671 0
# Node ID 95aace124a8e4bb8efe96716760a3f7fb211dbb2
# Parent 52e13bf0bb402e92cc1cc72bbad6306fe1a9f789
use idea from Eli Collins to use a list of deprecated password encoding schemes
diff -r 52e13bf0bb40 -r 95aace124a8e roundup/password.py
--- a/roundup/password.py Thu Apr 14 18:10:58 2011 +0000
+++ b/roundup/password.py Thu Apr 14 18:27:51 2011 +0000
@@ -240,7 +240,8 @@
 """
 #TODO: code to migrate from old password schemes.
- known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+ deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+ known_schemes = ["PBKDF2"] + deprecated_schemes
 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
 """Call setPassword if plaintext is not None."""
@@ -259,7 +260,7 @@
 """ Password has insecure scheme or other insecure parameters and needs migration to new password scheme """
- if self.scheme != 'PBKDF2':
+ if self.scheme in self.deprecated_schemes:
 return True
 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
 if rounds < 1000:
diff -r 52e13bf0bb40 -r 95aace124a8e test/test_cgi.py
--- a/test/test_cgi.py Thu Apr 14 18:10:58 2011 +0000
+++ b/test/test_cgi.py Thu Apr 14 18:27:51 2011 +0000
@@ -431,7 +431,7 @@
 cl = self._make_client(form)
 # assume that the "best" algorithm is the first one and doesn't
 # need migration, all others should be migrated.
- for scheme in password.Password.known_schemes[1:]:
+ for scheme in password.Password.deprecated_schemes:
 pw1 = password.Password('foo', scheme=scheme)
 self.assertEqual(pw1.needs_migration(), True)
 self.db.user.set(chef, password=pw1)
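Review bot: In the second hunk of roundup/password.py, replacing `if self.scheme != 'PBKDF2':` with `if self.scheme in self.deprecated_schemes:` turns a fail-closed guard into a fail-open one. A scheme that is neither 'PBKDF2' nor in the deprecated list (None, an unrecognised name, a differently cased string) used to be reported as needing migration and now falls through to `pbkdf2_unpack(self.password)`, which presumably cannot parse a non-PBKDF2 value. Keeping both conditions preserves the old safety while still using the new list: `if self.scheme != 'PBKDF2' or self.scheme in self.deprecated_schemes:`. The method's signature and its remaining lines are outside the hunk, so whether such a scheme can actually reach this point depends on code not shown here.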
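Review bot: The comment above the loop in test/test_cgi.py is now stale: it still says the best algorithm is assumed to be the first list entry, but the loop iterates `password.Password.deprecated_schemes` and no longer depends on ordering. It could read `# every deprecated scheme must report needs_migration() and be migrated.` The visible lines also contain no assertion that a 'PBKDF2' password reports `needs_migration()` as False, which would catch a scheme placed in the wrong list; the test body starts and ends outside the hunk, so that check may already exist elsewhere.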